This Terraform script is based on this blog post, modified to work with a Django app.
Another interesting resource: https://github.com/hashicorp/best-practices/tree/master/terraform/providers/aws.
TODO
ECS task logs are sent to the us-east-1 region, as specified in each task definition JSON file. For more information, see: Using the awslogs Log Driver.
- Public SSH key/pair: edit production_key.pub
- The AWS region, main domain name, database credentials and the app secret are located in terraform.tfvars.
- RDS/ElastiCache instance size (and other vars) in production.tf
- Main container port and ENV variables in modules/ecs/tasks/web.json
- Main container GitHub source in modules/code_pipeline/main.tf
- CPU/RAM: need to be updated in ecs/server.tf / ecs/task_definitions/server.json, ecs/frontend.tf / ecs/task_definitions/frontend.json
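As an added example (not part of this repository), the Python check below reads a task definition file, confirms the awslogs region mentioned above, and reports sensitive settings passed as plaintext ENV variables. The sample JSON, its container name, port and placeholder values are constructed, and the pattern of sensitive names is an assumption.

```python
import json
import re

# Constructed sample in the shape of an ECS container-definition list
# (assumption: this is not the repository's actual web.json).
SAMPLE_TASK_JSON = """
[
  {
    "name": "web",
    "image": "${image}",
    "portMappings": [{"containerPort": 8000}],
    "logConfiguration": {
      "logDriver": "awslogs",
      "options": {"awslogs-group": "${log_group}", "awslogs-region": "eu-west-1"}
    },
    "environment": [
      {"name": "DATABASE_URL", "value": "${database_url}"},
      {"name": "REDIS_URL", "value": "${redis_url}"},
      {"name": "SECRET_KEY", "value": "${secret_key}"},
      {"name": "DJANGO_SETTINGS_MODULE", "value": "app.settings"}
    ]
  }
]
"""

# Assumed naming patterns for settings that carry credentials.
SENSITIVE = re.compile(r"(SECRET|PASSWORD|TOKEN|DATABASE_URL)", re.I)

def audit_task_definition(text, expected_region="us-east-1"):
    """Return a list of findings for one task-definition file."""
    doc = json.loads(text)
    # Accept a bare container list or a full task definition object.
    containers = doc["containerDefinitions"] if isinstance(doc, dict) else doc
    findings = []
    for c in containers:
        name = c.get("name", "?")
        log = c.get("logConfiguration") or {}
        if log.get("logDriver") != "awslogs":
            findings.append(f"{name}: logDriver is not awslogs")
        elif log.get("options", {}).get("awslogs-region") != expected_region:
            region = log.get("options", {}).get("awslogs-region")
            findings.append(f"{name}: awslogs-region is {region}, expected {expected_region}")
        # "environment" values are readable in the task definition itself;
        # the "secrets" list (valueFrom) references SSM or Secrets Manager instead.
        for env in c.get("environment", []):
            if SENSITIVE.search(env.get("name", "")):
                findings.append(f"{name}: {env['name']} is set as plaintext environment")
    return findings
```

Calling audit_task_definition(SAMPLE_TASK_JSON) on the constructed sample returns three findings: the region mismatch, DATABASE_URL and SECRET_KEY.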
brew install terraform
terraform init
terraform apply -var 'access_key=foo' -var 'secret_key=bar'
terraform destroy -var 'access_key=foo' -var 'secret_key=bar'
- Enable code build/pipeline
- Rails -> Django
- Add ElastiCache Redis
- Add public EC2 server that can connect to the DB and Redis
- Update Django sample app to connect from DATABASE_URL and REDIS_URL
- Add Elastic IP for ssh (rename -> Bastion)
- Setup domain name
- Setup CloudFront
- Have the frontend use assets from CloudFront
- Rename production to staging
- Setup ALB
- SSL
- Make sure admin works
- Add prod parity
- Change SSH keys to IAM so multiple pub keys can be used to access bastion
- Write better README
- Replace supervisor by 3 distinct ECS tasks (celery, celery beat, server)
- Add health check for backend from ECS
- Add monitoring
- Settings for instance types/container sizes
- Add CI
- Use Aurora Postgres
- Add ECS service discovery (instead of Consul) https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-discovery.html
- DB backups? (should be included with Aurora)
- Add VPN to protect the EC2 instance
- Add Vault + Consul
- DB migrations? Maybe we need a console
- Do we need nginx?
- ALB/ELB health check?